Sunday, February 25, 2007

Negative Security and Positive Security

Lately I find myself explaining the difference between positive security and negative security a lot.

Positive Security: a security policy based on modeling the application or system that is being defended. Things that agree with the model are considered legal, while everything else is suspected of being illegal.

Negative Security: a security policy based on modeling malicious things (e.g., attacks, worms, viruses, and so on). Things that agree with the model are suspected of being illegal, while everything else is considered legal.
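The two definitions can be compared by running both kinds of policy over the same requests. The following Python sketch is an added example, not code from the original post; the parameter rules, the signatures, and the sample requests are all constructed assumptions.

```python
import re

# Positive model (assumed): what a hypothetical account page accepts.
POSITIVE_MODEL = {
    "id": re.compile(r"[0-9]{1,9}"),
    "lang": re.compile(r"en|fr|de"),
}

# Negative model (assumed): constructed signatures of known-bad input.
NEGATIVE_MODEL = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"\bunion\b.+\bselect\b", re.I),
]

def positive_verdict(params):
    """Legal only if every parameter is known and fully matches the model."""
    for name, value in params.items():
        rule = POSITIVE_MODEL.get(name)
        if rule is None or not rule.fullmatch(value):
            return "suspicious"
    return "legal"

def negative_verdict(params):
    """Suspicious only if some value matches the model of malicious input."""
    for value in params.values():
        if any(sig.search(value) for sig in NEGATIVE_MODEL):
            return "suspicious"
    return "legal"

# Constructed sample requests (not taken from real traffic).
SAMPLES = {
    "normal": {"id": "1042", "lang": "en"},
    "known signature": {"id": "1042", "lang": "<script>x</script>"},
    "unmodelled input": {"id": "1042", "debug": "true"},
    "legitimate but new": {"id": "1042", "lang": "es"},
}

def compare(samples=SAMPLES):
    """Return {label: (positive verdict, negative verdict)} for each sample."""
    return {label: (positive_verdict(p), negative_verdict(p))
            for label, p in samples.items()}

if __name__ == "__main__":
    for label, (pos, neg) in compare().items():
        print(f"{label:20} positive={pos:10} negative={neg}")
```

The last two samples are where the policies disagree: the positive policy flags anything outside its model, including input nobody has described as an attack, while the negative policy lets it through because no signature matches.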
